Categories
Security

Hackers breached Mailchimp to phish cryptocurrency wallets

Mailchimp, the veteran email marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its clients — with the data being used to mount phishing attacks on the users of cryptocurrency services.

The breach was confirmed to the press by Mailchimp on Monday, but it had come to light over the weekend when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails.

In a statement sent to The Verge, Mailchimp CISO Siobhan Smyth said that the company had become aware of the breach on March 26th when it detected unauthorized access of a tool used by the company’s customer support and account administration teams. Although Mailchimp deactivated the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them, Smyth said.

“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers,” Smyth said. “We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”

However, details of the hack show that the compromise of Mailchimp’s internal tools was just one piece in a bigger puzzle. As Bleeping Computer reports, one of the stolen email lists was used to send a fake data breach notification to Trezor customers, prompting them to download a new version of the Trezor Suite desktop application. In fact, the email directed users to a phishing site that hosted a fake version of the application, designed to steal the seed phrase that would allow hackers to gain total control over a user’s cryptocurrency wallet. It’s currently unclear whether any Trezor users had funds stolen by the attack.

In a blog post published Monday, Trezor said that the attack was “exceptional in its sophistication and … clearly planned to a high level of detail,” with the cloned version of the Trezor Suite app presenting a realistic functionality to anyone who installed it. SatoshiLabs, the makers of the Trezor wallet, have not yet responded to further questions sent by The Verge.

So far, Mailchimp’s analysis has concluded that the attackers focused on obtaining data from users in the cryptocurrency and finance sectors. Unfortunately for Trezor users — and for customers of every other organization whose data was compromised — it’s safe to say that a skilled threat actor now has knowledge of the users’ email contact details and potentially the type of crypto hardware and software they are using.

Users of Trezor devices have been advised to report any new phishing attempts directly to security@trezor.io. Mailchimp has stated that the owners of all other compromised accounts have been informed, so more notifications from affected entities will likely appear soon.



Repost: Original Source and Author Link

Categories
Security

Scammers use Google Ads to siphon off hundreds of thousands of dollars from fake crypto wallets

The crypto world is full of dangers, with scammers lying in wait for newbies and novices. A recent report from security outfit Check Point Research highlights a potent form of attack: using Google Ads to direct users to fake crypto wallets. In its report, CPR said it has seen roughly half a million dollars siphoned off through these methods in just the last few days.

Here’s how the scam works. Attacker buys Google Ads in response to searches for popular crypto wallets (that’s the software used to store cryptocurrency, NFTs, and the like). CPR says it’s noticed scams targeting Phantom and MetaMask wallets, which are the most popular wallets for the Solana and Ethereum ecosystems.

When an unsuspecting user Googles “phantom,” the Google Ad result (which appears above actual search results) directs them to a phishing website that looks like the real thing. Then, one of two things happens: either the user enters their credentials which the attacker keeps. Or, much weirder, if they try to create a new wallet they’re told to use a recovery password which actually logs them into a wallet controlled by the attacker, not their own. “This means if they transfer any funds, the attacker will get that immediately,” says CPR.

The attackers use fake URLs to trick users into thinking they’re logging into their crypto wallets.
Image: CPR

As with other phishing scams, the fake sites are designed to look as similar as possible to the real ones.
Image: CPR

As with phishing scams more generally, the attackers rely on making their fake log-in pages look as much as possible like the real thing. CPR notes that they’ve seen attackers use fake URLs to trick users, directing them to phanton.app or phantonn.app, for example, instead of the correct phantom.app. The group has also seen similar phishing scams used to direct users to fake crypto currency exchanges, including PancakeSwap and UniSwap.

CPR’s researchers say they started noticing these scams after seeing crypto users complain about their losses on Reddit and other forums. They estimate that “at least half a million dollars” have been stolen over the past few days.

“I believe we’re at the advent of a new cyber crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” said CPR’s Oded Vanunu in a press statement. “The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets.”

The group offers a few words of wisdom for users hoping to avoid these pitfalls, including never clicking on Google Ads results but instead looking at search results, and always checking the URL of the site you’re visiting.

Repost: Original Source and Author Link

Categories
Tech News

Facebook welcomes Team Trump back with open arms and wallets

Facebook is doing a terrible job of banning Donald Trump from its platform.

From its failure to hold the former president accountable for the myriad misinformation campaigns conducted on his behalf by members of his campaign team from 2015 through 2018, to the most recent nonsense, it’s apparent that Facebook’s somehow vested in keeping Trump on the social network.

Up front: Facebook’s allowing “Team Trump,” a Page directly associated with numerous leadership and conservative PACs run by Donald Trump, to remain up and advertising on the site as of today, 21 June.

According to a report from FWIW:

The official Team Trump page is now owned by the former President’s political action committee, Save America. Save America is an entity directly controlled by Donald Trump, and Team Trump has not posted on Facebook since March 17th.

A quick peek at the ad information indicates the Page just purchased a little over $3K in ads for Ohio. We can also see that it’s spent more than $16 million since 2018.

Background: Facebook banned Trump from the platform indefinitely on 7 January for what the company deemed breaches of its terms of service.

Later, the company’s Oversight Board criticized the decision for its open-endedness and recommended a two year suspension instead – one that would lift in plenty of time for the 2024 election cycle.

Supposedly, Trump shouldn’t be allowed on the platform at all right now. And, per the company’s own terms of service, his associated accounts and any accounts attempting to access the platform on his behalf should be banned as well.

Quick take: This is a bunch of crap. Despite Trump’s ban, the former president can buy all the targeted ad space he wants on the world’s largest platform. The fact that Facebook sucks this badly at banning Trump makes it seem like this isn’t an accident.

The social network didn’t forget about the Trump page it’s collected over $16 million from.

When you consider how weird and creepy Trump and Facebook CEO Mark Zuckerberg’s relationship is, it all adds up to something government regulators should probably take a deep dive into.



Repost: Original Source and Author Link